5.5
CVE-2026-23273 - macvlan: observe an RCU grace period in macvlan_common_newlink() error path
In the Linux kernel, the following vulnerability has been resolved: macvlan: observe an RCU grace period in macvlan_common_newlink() error path valis reported that a race condition still happens after my prior patch. macvlan_common_newlink() might have made @dev visible before detecting an error…
5.3
CVE-2025-46598 - Denial of Service via Crafted Transaction in Bitcoin Core
Bitcoin Core through 29.0 allows a denial of service via a crafted transaction.
6.5
CVE-2026-30578 - Reflected XSS via GET 'dir' parameter in File Thinghie 2.5.7
File Thinghie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A malicious user can leverage the "dir" parameter of the GET request to invoke arbitrary JavaScript code.
5.5
CVE-2026-23276 - net: add xmit recursion limit to tunnel xmit functions
In the Linux kernel, the following vulnerability has been resolved: net: add xmit recursion limit to tunnel xmit functions Tunnel xmit functions (iptunnel_xmit, ip6tunnel_xmit) lack their own recursion limit. When a bond device in broadcast mode has GRE tap interfaces as slaves, and those GRE tun…
6.1
CVE-2026-29828 - Cross-Site Scripting Vulnerability in DooTask Project Description Field
DooTask v1.6.27 has a Cross-Site Scripting (XSS) vulnerability in the /manage/project/<id> page via the input field projectDesc.
5.5
CVE-2026-23271 - perf: Fix __perf_event_overflow() vs perf_remove_from_context() race
In the Linux kernel, the following vulnerability has been resolved: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race Make sure that __perf_event_overflow() runs with IRQs disabled for all possible callchains. Specifically the software events can end up running it with only pre…
5.4
CVE-2026-33372 - Cross-Site Request Forgery in Zimbra Webmail
An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A cross-site request forgery (CSRF) vulnerability exists in Zimbra Webmail due to improper validation of CSRF tokens. The application accepts CSRF tokens supplied within the request body instead of requiring them through the expec…
4.3
CVE-2026-33371 - XML External Entity Vulnerability in Zimbra Collaboration 10.0/10.1 EWS SOAP Interface
An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. An XML External Entity (XXE) vulnerability exists in the Zimbra Exchange Web Services (EWS) SOAP interface due to improper handling of XML input. An authenticated attacker can submit crafted XML data that is processed by an XML pa…
9.8
CVE-2024-44722 - Arbitrary Command Execution via 'aaa' Function in SysAK
SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd.
4.3
CVE-2026-33369 - LDAP Injection in Zimbra Collaboration Mailbox SOAP Service
Zimbra Collaboration (ZCS) 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a FolderAction operation. The application fails to properly sanitize user-supplied input before incorporating it into an LDAP search filter. An authenticated attacker can exploit thi…